Sikur is defining the future of secure communication. Operating globally, it has offices in Latin America, United States, and Europe. Sikur works alongside governments and corporations that believe security is fundamental to the integrity of their work. We believe that security is not only about platforms and digital systems but is a mindset that surrounds every aspect of business.

“In 2018, clinics and hospitals were hit with numerous cyber attacks leading to significant data breaches and interruptions in medical services,” the researchers wrote. “Attackers can alter 3D medical scans to remove existing, or inject non-existing medical conditions. An attacker may do this to remove a political candidate/leader, sabotage/falsify research, perform murder/terrorism, or hold data ransom for money.”

Using a test dummy to highlight the vulnerabilities in picture archiving and communication systems (PACS), researchers demonstrated that 98% of the times they injected or removed solid pulmonary nodules, they were able to fool radiologists and state-of-the-art artificial intelligence (AI).

“I was quite shocked,” Nancy Boniel, a radiologist in Canada who participated in the study, told the Washington Post. “I felt like the carpet was pulled out from under me, and I was left without the tools necessary to move forward.”

According to the PoC, researchers built a man-in-the-middle device to use the method of attack that penetration testers demonstrated in a hospital. The researchers gained access to the radiologist’s workstation and the CT scanner room after the cleaning staff opened the door for them. In a matter of 30 seconds, they installed a device running a fake malware designed to inject or remove images.

Once installed, the attackers returned to the waiting room, where they had remote wireless access and were able to intercept and manipulate CT scans, which were not encrypted.

India was the country with third highest number of cyber attacks in 2018, according to the report, after Mexico and France.

A recent survey by UK-based endpoint security provider Sophos has found that 76 per cent businesses were hit by cyber attacks in 2018, while globally 68 per cent organisations admitted cyber attacks last year.

India was the country with third highest number of cyber attacks in 2018, according to the report, after Mexico and France.

“In India, most of the attacks are happening where the money is, which means the financial services, oil and gas and energy sectors. These are the places where cyber-criminal can make most of his money and they are hit most by them,” Sunil Sharma, Managing Director Sales at Sophos India & SAARC told Business Today.

For the survey, 3,100 IT decision makers were interviewed between December 2018 and January 2019. In India, the company surveyed 300 IT decision makers and found that more than 18 per cent threats discovered in India are on mobile devices, almost double than the global average.

“When we tried to discover where do the most attacks come from? Primarily, we found two areas, servers and networks. But endpoint and mobile are also not far away,” Sharma added.

According to the survey report, in India, most cybercriminals are detected at the server (39 per cent) or on the network (35 per cent); 8 per cent are found on endpoints. On average, Indian organisations that investigate one or more potential security incidents each month spend 48 days a year (four days a month) investigating them, according to the survey.

Another ransomware attack has made headlines with the city of Del Rio, Texas, announcing on January 10, 2019, that the servers at City Hall were disabled, according to a press release.

“The first step in addressing the issue, was for the City’s M.I.S. (Management Information Services) Department to isolate the ransomware which necessitated turning off the internet connection for all city departments and not allowing employees to log into the system. Due to this, transactions at City Hall are being done manually with paper.”

As has been the alternative method of communication for many organizations that have been impacted by cyber-attacks, Del Rio turned to social media, using Facebook to inform citizens of alternative payment options available to them.

After reporting the attack to the FBI, Del Rio was referred to the Secret Service. “The City is diligently working on finding the best solution to resolve this situation and restore the system. We ask the public to be patient with us as we may be slower in processing requests at this time,” the press release said.

Shamoon is back… one of the most destructive malware families that caused damage to Saudi Arabia’s largest oil producer in 2012 and this time it has targeted energy sector organizations primarily operating in the Middle East.

Earlier this week, Italian oil drilling company Saipem was attacked and sensitive files on about 10 percent of its servers were destroyed, mainly in the Middle East, including Saudi Arabia, the United Arab Emirates and Kuwait, but also in India and Scotland.

Saipem admitted Wednesday that the computer virus used in the latest cyber attack against its servers is a variant Shamoon—a disk wiping malware that was used in the most damaging cyber attacks in history against Saudi Aramco and RasGas Co Ltd and destroyed data on more than 30,000 systems.

The cyber attack against Saudi Aramco, who is the biggest customer of Saipem, was attributed to Iran, but it is unclear who is behind the latest cyber attacks against Saipem.

Meanwhile, Chronicle, Google’s cybersecurity subsidiary, has also discovered a file containing Shamoon sample that was uploaded to VirusTotal file analyzing service on 10th December (the very same day Saipem was attacked) from an IP address in Italy, where Saipem is headquartered.

However, the Chronicle was not sure who created the newly discovered Shamoon samples or who uploaded them to the virus scanning site.

While “unemployment or underemployment” and “failure of national governance” take first and second place respectively, cyber threats have moved from eighth in last year’s report to fifth this year.

It tended to be viewed as a greater risk in more advanced economies: 19 countries from Europe and North America plus India, Indonesia, Japan, Singapore and the United Arab Emirates ranked it as number one.

In Europe, the UK and Germany both placed cyber-attacks as the number one risk.

“When looking at the causes of breaches, it’s evident that email attachments, links and downloads are the most common methods used by hackers. Be it HR professionals opening infected CVs from unknown sources, or employees clicking links on malware-riddled social media sites on their lunch break, users provide hackers with an easy route to bypass security,” he added.

“These simple attack methods are still effective because the architecture cybersecurity is built on is fundamentally flawed, as it overwhelmingly relies on detecting these threats. We’re increasingly seeing zero-day and other polymorphic malware being used to evade detection. Even the more sophisticated detection-based tools that utilize machine learning, AI and behavioral analytics to identify anomalies and patterns can potentially struggle to determine what is good and what is bad – and are certainly never able to be 100% accurate.”

The majority of cyber attacks begin with one simple phishing email. So will it ever be possible to close this door to hackers, once and for all?

Email is incredibly useful, which is why we all still use it. But chief among its downsides (along with getting caught in a group-cc’d message hell) is that email remains one of the most common routes for hackers to attack businesses.

But if email leaves us so vulnerable to attempts at hacking, why do we stick with it?

“Email is still the main way that two entities who may not have a relationship get together and communicate. Whether it’s a law firm communicating with a business or a candidate applying for a job, email is still the bridge to getting these entities communicating. It’s not going away,” says Aaron Higbee, co-founder and CTO at anti-phishing company Cofense.

As long as email is here, phishing will also remain a problem — and while some phishing campaigns are really sophisticated and based around cyber criminals performing deep reconnaissance on targets, other email-based attacks aren’t so sophisticated — and yet are still worryingly successful.

Group-IB has estimated that crypto exchanges suffered a total loss of $882 million due to targeted attacks between 2017 and 2018.

Group-IB, an international company that specializes in preventing cyber attacks,has estimated that cryptocurrency exchanges suffered a total loss of $882 million due to targeted attacks in 2017 and in the first three quarters of 2018. According to Group-IB experts, at least 14 crypto exchanges were hacked. Five attacks have been linked to North Korean hackers from Lazarus state-sponsored group, including the infamous attack on Japanese crypto exchange Coincheck, when $534million in crypto was stolen.

This data was included in the annual Hi-Tech Crime Trends 2018 report, presented by Group-IB CTO, Dmitry Volkov, at the sixth international CyberСrimeCon conference. A separate report chapter is dedicated to the analysis of hackers’ and fraudsters’ activity in crypto industry.

Crypto exchanges: in the footsteps of Lazarus

In most cases, cybercriminals, while attacking cryptocurrency exchanges, use traditional tools and methods, such as spear phishing, social engineering, distribution of malware, and website defacement. One successful attack could bring hackers tens of millions of dollars in crypto funds, whilst reducing the risks of being caught to a minimum: the anonymity of transactions allows cybercriminals to withdraw stolen funds without putting themselves at greater risk.

Spear phishing remains the major vector of attack on corporate networks. For instance, fraudsters deliver malware under the cover of CV spam: they send an email containing a fake CV with the subject line “Engineering Manager for Crypto Currency job” or the file «Investment Proposal.doc» in attachment, that has a malware embedded in the document.

In the last year and a half, the North-Korean state-sponsored Lazarus group attacked at least five cryptocurrency exchanges: Yapizon, Coins, YouBit, Bithumb, Coinckeck. After the local network is successfully compromised, the hackers browse the local network to find workstations and servers used working with private cryptocurrency wallets.

The incident occurred over a two-hour period on September 14, with server issues detected three-days later and the authorities notified shortly after. The firm is withholding precise details of the attack while the authorities investigate.

Parent company Tech Bureau has reportedly already been hit with two business improvement orders this year and was subsequently forced to sign an agreement with investment group Fisco that will see the firm receive 5bn yen to help replace the lost coins, in exchange for majority ownership.

This is just the latest in a long line of cyber-attacks on Japanese crypto firms. Most famously, Tokyo-based Coincheck lost $530m worth of virtual currency earlier this year.

That could explain why the Financial Services Authority has created a new regulatory framework for such companies operating in Japan — the first of its kind to do so.

However, regulation is not a silver bullet, according to Ilia Kolochenko, CEO and founder of web security company High-Tech Bridge.

“Digital coins are extremely attractive for cyber-criminals who can easy launder them and convert into spendable cash, even in spite of some losses due to ‘transactional commissions’,” he said. “Most of these operations remain technically untraceable and undetectable, granting an absolute impunity to the attackers. Thus, cyber-criminals will readily invest into additional efforts to break in, even if security is properly implemented and maintained.”

As risks to governments and business continue to accelerate, collaboration with international agencies is the only way to fight cybercrime.

This is the view of the World Economic Forum’s Global Centre for Cybersecurity, which has stressed that in order to defeat malicious cyber-attacks, it cannot work alone.

The center was launched earlier this year to focus on cybercrime prevention and to protect and inform the financial industry about cybercrime, among other agendas.

It recently joined forces with Europol to exchange expertise and create a framework for best cyber practices.

And this year, it will continue to strengthen and increase its affiliations with other agencies.

Troels Oerting Jorgensen, the head of the WEF Centre for Cybersecurity, and former head of Europol’s European Cybercrime Centre, spoke to The Daily Swig about the new coalition and laid out its plans for 2018.

Was the cybersecurity center set up in response to any specific event?

Troels Oerting Jorgensen: The World Economic Forum has been working on cybercrime and cyber resiliencefor four years before the launch of the center.

Both public and private sector actors in the field repeatedly told us that they would like us to play a bigger role and apply the forum’s unique multi-stakeholder approach to the issue of cybercrime.

At the same time, we saw cybersecurity concerns climb up the list of things that keep CEOs up at night in our Global Risks Report.

Thus, the center is the logical consequence of the recognition that no one country, industry, or sector can address the challenges alone.

What have been identified as the main issues that the center will tackle?

TOJ:We have defined three priorities for the Centre for Cybersecurity: first, to reduce global cyberattacks by developing global security standards, policies and practices, and by promoting and implementing security by design.

Secondly, to contain current and future cyber-attacks globally through intensified cooperation and information sharing.

And thirdly, to deter cybercrime by heightening the risks associated with participating in illegal cyber activities, by means of reinforced collaboration between public and private partners.

Will the new cybersecurity center work alongside any other international organizations?

TOJ: The WEF is a platform that allows all types of organizations to come together to work on global challenges.

We believe that it is essential to get a broad coalition around the table if you really want to tackle issues that are global in nature and evolving so quickly.

For example, we just announced a new partnership with Europol to benefit from their extensive experience in digital forensics and enforcement.

Which companies has the WEF partnered with so far?

TOJ: We are aiming to have 50 companies and 25 governments engaged with the cybersecurity center by the end of this year.

For now, we are signing up partners by invitation only to make sure we have a representative mix of diverse sectors and industries from all geographies on board.

As always, let’s start from the Daily Trend of Attacks chart, which shows a clear increase in the number of events in the second half of the month.

Cyber Crime ranks steadily on top of the Motivations Behind Attacks, increasingly its percentage to 80.8% from 76.5% in March. Cyber Espionage slides to 11.1% from 19.4%. For the first time in 2018, hacktivism takes over cyber warfare. The events mostly in Italy lead its percentage to 5.1 from 1%. Cyber warfare closes the chart with 3% confirming the same value of April.

Malware is stable on top of the Attack Vectors chart with 27.3% (it was 39.8% in March). Account Hijackings are also stable at number two with 17.2% (it was 18.4% in March), and, again, targeted attacks confirm their third place with 14.1%.